SEC Consult Vulnerability Lab Security Advisory < 20190510-0 >
=======================================================================
              title: Unauthenticated SQL Injection vulnerability
            product: OpenProject
 vulnerable version: 5.0.0 - 8.3.1
      fixed version: 8.3.2 & 9.0.0
         CVE number: CVE-2019-11600
             impact: Critical
           homepage: https://www.openproject.org
              found: 2019-04-17
                 by: T. Soo (Office Bangkok)
                     SEC Consult Vulnerability Lab

                     An integrated part of SEC Consult
                     Europe | Asia | North America

                     https://www.sec-consult.com
=======================================================================

Vendor description:
-------------------
"OpenProject is the leading open source project management software.
Support your project management process along the entire project
lifecycle: From project initiation to closure."

Source: https://www.openproject.org/

Business recommendation:
------------------------
The vendor provides a patch which should be applied immediately.

An in-depth security analysis performed by security professionals is
highly advised, as the software may be affected by further security
issues.

Vulnerability overview/description:
-----------------------------------
An SQL injection vulnerability has been identified in the web "activities
API". An unauthenticated attacker could successfully perform an attack to
extract potentially sensitive information from the database if OpenProject
is configured not to require authentication for API access.

Proof of concept:
-----------------
Requesting the following URL will trigger a time delay as a proof of
concept for exploiting the blind SQL injection:

http://<host>/api/v3/activities/1)%20AND%203281%3d(SELECT%203281%20FROM%20PG_SLEEP(1))%20AND%20(7777%3d7777

Vulnerable / tested versions:
-----------------------------
The vulnerability has been identified in OpenProject version 8.3.1 which
was the most current version at the time of discovery. According to the
vendor all versions between 5.0.0 and 8.3.1 are affected. Older versions
(< 5.0.0) are not vulnerable.

Vendor contact timeline:
------------------------
2019-04-30: Contacting vendor through security@openproject.com
2019-04-30: A patch is published in version 8.3.2
2019-05-06: Vendor publishes further details
2019-05-10: Release of security advisory

Solution:
---------
The vendor provides a patched version 8.3.2 and a security notice with
further information:
https://www.openproject.org/release-notes/openproject-8-3-2
https://groups.google.com/forum/#!msg/openproject-security/XlucAJMxmzM/hESpOaFVAwAJ

Workaround:
-----------
None

Advisory URL:
-------------
https://www.sec-consult.com/en/vulnerability-lab/advisories/index.html

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SEC Consult Vulnerability Lab

SEC Consult
Europe | Asia | North America

About SEC Consult Vulnerability Lab
The SEC Consult Vulnerability Lab is an integrated part of SEC Consult. It
ensures the continued knowledge gain of SEC Consult in the field of network
and application security to stay ahead of the attacker. The SEC Consult
Vulnerability Lab supports high-quality penetration testing and the
evaluation of new offensive and defensive technologies for our customers.
Hence our customers obtain the most current information about
vulnerabilities and valid recommendation about the risk profile of new
technologies.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Interested to work with the experts of SEC Consult?
Send us your application https://www.sec-consult.com/en/career/index.html

Interested in improving your cyber security with the experts of SEC Consult?
Contact our local offices https://www.sec-consult.com/en/contact/index.html
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Mail: research at sec-consult dot com
Web: https://www.sec-consult.com
Blog: http://blog.sec-consult.com
Twitter: https://twitter.com/sec_consult

EOF Thanaphon Soo / @2019
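Added detection example, not part of the advisory or of OpenProject's code: because the activities endpoint takes a numeric id, a defender can flag access-log requests to /api/v3/activities/<id> whose decoded id segment is anything other than a plain integer, which is exactly the shape the proof-of-concept URL above takes. The log lines, client addresses and log format are constructed for illustration.

```ruby
require 'uri'

# Path shape of the affected endpoint; capture the id segment as sent.
ACTIVITY_PATH = %r{\A/api/v3/activities/([^/?]+)}

# Constructed sample log (common log format). The second request carries
# the proof-of-concept payload from the advisory; the others are benign.
SAMPLE_LOG = <<~LOG
  203.0.113.5 - - [17/Apr/2019:10:00:01 +0000] "GET /api/v3/activities/1 HTTP/1.1" 200 812
  203.0.113.5 - - [17/Apr/2019:10:00:02 +0000] "GET /api/v3/activities/1)%20AND%203281%3d(SELECT%203281%20FROM%20PG_SLEEP(1))%20AND%20(7777%3d7777 HTTP/1.1" 200 812
  198.51.100.7 - - [17/Apr/2019:10:00:03 +0000] "GET /api/v3/work_packages/42 HTTP/1.1" 200 3400
LOG

# Request path from one log line, or nil when the line has no request part.
def request_path(line)
  m = line.match(/"(?:GET|POST|HEAD)\s+(\S+)\s+HTTP/)
  m && m[1]
end

# Percent-decode so encoded spaces and '=' are inspected in their real form;
# a malformed encoding is kept raw rather than dropped from inspection.
def decode(path)
  URI.decode_www_form_component(path)
rescue ArgumentError
  path
end

# :clean for an integer id, :suspicious for any other id shape,
# nil when the request is not for the activities endpoint.
def classify(line)
  path = request_path(line)
  return nil unless path
  id = decode(path)[ACTIVITY_PATH, 1]
  return nil unless id
  id.match?(/\A\d+\z/) ? :clean : :suspicious
end

# [client_ip, decoded id segment] for every suspicious request.
def suspicious_requests(lines)
  lines.each_with_object([]) do |line, hits|
    next unless classify(line) == :suspicious
    hits << [line[/\A\S+/], decode(request_path(line))[ACTIVITY_PATH, 1]]
  end
end

if __FILE__ == $PROGRAM_NAME
  suspicious_requests(SAMPLE_LOG.lines).each { |ip, id| puts "#{ip} -> #{id}" }
end
```

Flagging on id shape rather than on keywords such as PG_SLEEP keeps the rule independent of payload variants; alerting on the source address and applying the vendor's 8.3.2 fix are the response steps.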